CVE-2023-33229

LOW Year: 2023
CVSS v3 Score
3.5
Low
Weakness Type
CWE-94
View all →

Vulnerability Description

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

Related Vulnerabilities

CVE-2024-21832

LOW
CVSS:3.5(Low)

A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.

CWE-942024

CVE-2022-22270

LOW
CVSS:3.3(Low)

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

CWE-942022

CVE-2022-23434

LOW
CVSS:3.3(Low)

A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modi...

CWE-942022

CVE-2022-33725

LOW
CVSS:3.3(Low)

A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.

CWE-942022

CVE-2024-28811

LOW
CVSS:3.3(Low)

An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.

CWE-942024

CVE-2018-20896

LOW
CVSS:3.9(Low)

cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).

CWE-942018